Currently, ISOs are posted in a temporary location, go through a test-fix-test-fix... cycle, then when ready (as decided at the Go/No-Go meeting) are posted in permanent locations. This does not happen with signed checksum files and .torrent files, even though they are part of the published content. I propose that 1) ASAP after ISOs are Gold (but never before), the checksum files should be signed and be placed in the stage/ directory replacing the unsigned checksum files. 2) The .torrent files should then be created, using the ISOs and signed checksum files in stage/, and placed in some temporary location (NOT where they currently go). 3) QA tests should be done to verify that the checksum files in stage/ are properly signed and have checksums matching those for the previous unsigned files, and that the .torrent files match the content in stage/ (both ISOs and signed checksum files). These tests are objective and trivial, so obviously don't need another Go/No-Go meeting. 4) When the signed checksum tests pass, the ISOs and signed checksum files get sent to the mirrors. 5) When the .torrent tests pass, the .torrent files go to their permanent locations. (Of course this doesn't have to be done immediately, the important thing is that it doesn't happen until the tests pass.) 6) When all tests pass, the corresponding files in stage/ can optionally be deleted. If any tests fail, fix and test again. Does this sound reasonable? -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
